Category: ZDNet

Meltdown-Spectre

Open-source champion Bruce Perens has called out Intel for adding a new restriction to its software license agreement along with its latest CPU security patches to prevent developers from publishing software benchmark results.

The new clause appears to be a move by Intel to legally gag developers from revealing the performance degradation caused by its mitigations for the Spectre and Foreshadow, or ‘L1 Terminal Fault’ (L1TF), speculative-execution flaws.

“You will not, and will not allow any third party to … publish or provide any software benchmark or comparison test results,” Intel’s new agreement states.

But Perens thinks the bigger concern lies in Intel’s requirement not to publish benchmarks.

“Since the microcode is running for every instruction, this seems to be a use restriction on the entire processor. Don’t run your benchmarker at all, not even on your own software, if you ‘provide’ or publish the results,” he notes.

“So, lots of people are interested in the speed penalty incurred in the microcode fixes, and Intel has now attempted to gag anyone who would collect information for reporting about those penalties, through a restriction in their license. Bad move.”

Perens reckons Intel should rather own up to any damage caused by its patches.

“Silencing free speech by those who would merely publish benchmarks? Bad business. Customers can’t trust your components when you do that.”

ZDNet has sought a response from Intel and will update the story if it receives an answer.

For Hortonworks’ largest customers, streaming is becoming part of the mix. Over the past quarter, 10 of Hortonworks’ 17 million-dollar plus deals included Hortonworks Data Flow (HDF), the platform that curates and routes data in motion to Hadoop clusters. And as much of this data flows in and out of the cloud, Hortonworks DataPlane Service (DPS) was launched to provide a window for governing data flowing across hybrid or multi-cloud environments.

That’s the context for today’s announcement of Streams Messaging Manager (SMM), a new DPS module that adds more visibility to Kafka message queues. The new offering visualizes what’s going on in Kafka clusters, tracking traffic flow and bottlenecks. With integration to Apache Atlas and REST APIs that expose monitoring and management capabilities to third parties, SMM provides several paths by which Kafka traffic can be covered through governance umbrellas. For instance, by integrating with Atlas, lineage is now supported for Kafka down to the topic level.

The obvious comparison is with Confluent Enterprise, the original product in this space, which provides a wide range of capabilities, from schema registry to cluster rebalancing, replication, and its own control center single pane of glass. By comparison, SMM leverages the capabilities of the Hortonworks Data Platform for functions such as cluster management. But its differentiation is in the visualization; with SMM, you can see Kafka Producers (sources that send data) without needing to build a client (Interceptor) to identify which producers are sending which messages.

SMM is not a standalone offering, but the newest tool in the DPS portfolio. To recap, DPS operates as a catalog of catalogs for registering data services that would otherwise be difficult to track in hybrid environments. Consider it a skeleton atop which specific tools are plugged in to provide visibility into different functions of the Hortonworks platform. SMM follows Data Analytics Studio, for exploring Hive metadata; and Data Steward Studio, for associating clusters with specific Hadoop NameNodes.

Along with the SMM release is a dot release refresh of Hortonworks HDF. The new version 3.2 adds refinements, such as Kerberos keytab isolation for improving control over the multi-tenant environments that are commonplace in the cloud and improved streaming performance through support of Hive 3.0.

The emergence of IoT has pushed streaming to the front burner. Capture and analysis of IoT data has been one of the prime use cases that have triggered HDF take-up. But other use cases, such as managing data movement between on-premise and cloud data centers and real-time ingest of Customer 360 data demonstrate that IoT is not the only game in town for streaming.

The study comes as Google faces criticism and now a lawsuit over the revelation that turning off Location History does not stop it tracking iPhone and Android users’ location.

It’s worth noting the paper was published by Digital Content Next, a trade association supported by major news networks, including Associated Press, Bloomberg, Financial Times, The Guardian, ESPN, and ZDNet’s parent CBS Interactive.

The study delves into Google’s ad business and the role data collection plays. But from a user perspective, it focuses on Google’s collection of passive data, such as location data, as opposed to data a person knowingly shares with Google by using Search or Maps.

To compare Google’s passive data collection, Schmidt set up an Android phone with Chrome active in the background, and an iPhone with Safari but not Chrome. Both the phones were left stationary and untouched for 24 hours.

Over that period Schmidt found that the Android device sent 900 data samples to Google’s servers, of which about 35 percent were location related, while the remainder was for Google Play, and device data.

In total, the Android device sent about 4.4MB per day to Google while the iPhone sent 0.76MB per day, or about six times less data than the Android phone.

Google’s servers sent just over 40 requests per hour to the Android device compared with 0.73 requests per hour to the iPhone.

The comparison also found that iPhones send data 10 times less frequently to Apple’s servers than the Android device sent data to Google’s servers. Apple is also collecting location data just once per day on average.

“Our experiments show that a dormant, stationary Android phone (with Chrome active in the background) communicated location information to Google 340 times during a 24-hour period, or at an average of 14 data communications per hour,” the author notes.

“In fact, location information constituted 35 percent of all the data samples sent to Google. In contrast, a similar experiment showed that on an iOS Apple device with Safari (where neither Android nor Chrome were used), Google could not collect any appreciable data (location or otherwise) in the absence of a user interaction with the device.”

The study shows the data traffic sent to Google from idle Android and iPhone mobiles.

A banking trojan malware scheme most likely run by a cyber criminal gang is ramping up its operations by targeting several new financial institutions in a previously untargeted region in what security researchers warn could be a test run for launching a global campaign.

BackSwap banking malware first appeared in March and operates like other trojans in that it has the end goal of stealing bank details and draining accounts.

The code is based on that of the Tinba trojan but is run as an entirely separate criminal project, with those behind BackSwap keeping the code to themselves – it’s believed to be owned by a criminal gang and isn’t distributed commercially on underground forums.

The malware initially only targeted Polish banks, but researchers at IBM X-Force have warned that it’s now also targeting customers of six banks in Spain. The distribution still isn’t that widespread, but BackSwap could be warming up for a major campaign.

“The limited number of banks in each country so far may suggest that BackSwap is still in testing. Our research team expects to see more testing in other geographies in the coming weeks, and possibly a wider scope of attack for this Trojan in the fourth quarter of 2018,” said Limor Kessem, executive security advisor at IBM.

Once installed on a system, the malware injects JavaScript into the address bar which it can use to bypass security protections of both the browser and any third-party security controls run by the bank itself.

BackSwap then operates like other trojans by using man-in-the-middle attacks to alter what the user sees in order to steal information.

Attackers have been known to alter the account numbers of bank-transfer recipients, re-routing the payment and its details to themselves, all while the user is shown information that doesn’t indicate anything has changed, so they’re unaware they’ve been the victim of an attack.

BackSwap currently doesn’t feature among the most prominent forms of banking trojan, but it’s still effective, and if the campaigns do get larger, it could easily become one of the most prevalent forms of financial malware.

As the malware is often delivered via spam emails, users can go a long way to preventing themselves from becoming victims of BackSwap by being mindful of unsolicited messages and unexpected email attachments.

Users can also provide an additional layer of protection against this kind of attack by ensuring two-factor authentication is activated on their bank account when possible.

A data breach has taken place at a Melbourne high school which resulted in the confidential healthcare records of students being published online.


The security incident, which took place at Strathmore secondary college in Melbourne, was deemed “nothing short of appalling” by Victoria education minister, James Merlino, as reported by The Guardian.

In total, over 300 records were reportedly published online late Monday evening and remained available until Tuesday. The records included data on student physical and mental health conditions, medications required, as well as behavioral and learning difficulties.

“It’s distressing for students and their parents because it may result in embarrassment, in bullying,” Merlino said. “These things should not happen.”

In July, SingHealth, Singapore’s largest group of healthcare institutions, revealed that personal data belonging to 1.5 million patients — including the prime minister — had been “accessed and copied” without consent. National identification numbers, addresses, and dates of birth were involved in the breach.

ZDNet has reached out to Strathmore college and will update if we hear back.


What if you had two extra arms to help you with day-to-day tasks? A robotic backpack designed by Yamen Saraiji, an assistant professor at the Graduate School of Media & Design at Keio University in Japan, will get you part of the way toward realizing Dr. Otto Octavius’s engineering vision.

With one catch: Someone else will be controlling the arms.

Saraiji’s creation, which was featured recently in the design and architecture publication dezeen, consists of two articulated robotic arms and a robot head that peeks over the user’s shoulder. Worn like a backpack, the arms are controlled by a remote user via an Oculus Rift and Touch device.

The remote user shares the perspective of the wearer via two cameras mounted in the robot’s head. Just as a nurse acts as a second pair of hands for a doctor in an operating room, the surrogate robot enables a distant assistant to physically lend a helping hand.

The idea is an evolution on the concept of telepresence robots, which physically embody remote workers, enabling them to navigate offices and interact with coworkers. Though the robot is more conceptual than practical at this stage, it’s easy to envision a use case in enterprise training, for example.

Service technicians in specialized industries may also find a use for this type of device. Augmented reality has very quickly been adopted by field service technicians, enabling high-level experts to more readily distribute their knowledge to technicians in the field. The addition of two articulated arms could help physically embody technical experts in far-flung locations.

This isn’t Saraiji’s first foray into human limb augmentation. A previous project called MetaLimbs enabled users to control a pair of robot arms via their legs, giving seated workers two additional upper-body limbs.


Onavo was acquired by Facebook in 2013. At the time, Onavo was known for Insights, a market intelligence service which analyzed data to monitor market share and active usage of apps, as well as how people were using their devices — a service Facebook was naturally interested in.

The app offers a free virtual private network (VPN), commonly used to help disguise your digital footprint and browsing activities.

Onavo is still available on Google Play and has been downloaded over 10 million times.

“Onavo may collect your mobile data traffic,” the app’s description reads. “This helps us improve and operate the Onavo service by analyzing your use of websites, apps, and data. Because we’re part of Facebook, we also use this info to improve Facebook products and services, gain insights into the products and services people value, and build better experiences.”

According to a source familiar with the matter, Facebook is able to use the information collected by the app to paint a picture of how iOS users use their mobile devices outside of the standard Facebook application.

However, this data slurping has not gone unnoticed by Apple, which reportedly told Facebook in June that the app violated a new set of privacy rules introduced that month.

The new rules are designed to prevent developers from being able to collect user data in bulk and to limit ad targeting.

In addition, the iPad and iPhone maker reportedly told Facebook that Onavo also breaks the rules when it comes to using data which is not directly relevant to the app itself.

The WSJ says that Apple and Facebook met last week to discuss the problem, where Apple representatives suggested that the social media giant voluntarily remove the software from the App Store.

Onavo will remain — at least, for now — on the Google Play store, but the app can no longer be downloaded from the iOS counterpart. In addition, while current users of the app will still find it to be functional, Facebook will not be able to push any updates.

An Apple spokesperson said, “We work hard to protect user privacy and data throughout the Apple ecosystem.”

Onavo is yet another hurdle for Facebook to overcome but it is little in comparison to the Cambridge Analytica data scandal which has surrounded the company for months.

Data was slurped from users of a Cambridge Analytica quiz app, as well as their contacts, without consent. In total, up to 87 million users had their data “improperly shared” and collected by the London-based firm.

In July, the UK’s Information Commissioner’s Office (ICO) said it was considering the imposition of a £500,000 fine to Facebook over the scandal, the maximum the data watchdog could issue before the EU General Data Protection Regulation (GDPR) was formally introduced.

“We’ve always been clear when people download Onavo about the information that is collected and how it is used,” Facebook said in a statement. “As a developer on Apple’s platform we follow the rules they’ve put in place.”


Researchers have uncovered a new campaign by the infamous Lazarus group which targets cryptocurrency exchanges in order to spread malware to Windows and macOS users.


According to Kaspersky Lab, the new campaign, dubbed AppleJeus, first surfaced in an attack against a cryptocurrency exchange. Based in Asia, the cryptocurrency trading post’s network was infected with a Lazarus Trojan, leading to the distribution of the malware to both Windows and macOS machines.

The team says that the Trojan — which was previously only connected to Windows machine infections — aims to steal cryptocurrency from users.

Previously, Lazarus has been connected to attacks against South Korean think tanks and other political targets which utilize Windows zero-day vulnerabilities.

Despite the fact that the state-sponsored group has been rewriting old code to create new attacks, they should not be underestimated.

One of the latest targets of interest to the group appears to be cryptocurrency, potentially due to the virtual coins’ worth as a financial asset. Lazarus has already initiated a set of cryptocurrency theft-related schemes, including the use of phishing emails embedded with malware designed to compromise user wallets.

This trend appears to have continued but emails are no longer enough — now, entire exchanges are on the Lazarus radar.

Lazarus has not gone in with all guns blazing, however. Instead, the threat group permeated the exchange by creating and offering seemingly legitimate software online.

Kaspersky says that a company employee unwittingly downloaded a third-party application from a website domain offering software for cryptocurrency trading. The website and software did not appear malicious.

However, the software contained an updater module which collects basic information on PCs and sends the data to a command-and-control (C&C) server.

If the threat actors decide the PC is “worth attacking,” then a software update is sent, according to the researchers. This ‘update,’ available in both Windows and Mac variants, installs the Fallchill Trojan, an old tool which Lazarus has recently picked back up.

The Trojan can be used for the theft of financial information and wallet compromise, as well as the execution of additional malicious payloads.

The company which offered the malicious software has a valid digital certificate for signing the software, which would make detecting the malicious element of the software extremely difficult. Kaspersky was also unable to identify the organization that offered the certificate.

“We noticed a growing interest of the Lazarus Group in cryptocurrency markets at the beginning of 2017 when Monero mining software was installed on one of their servers by a Lazarus operator,” said Vitaly Kamluk, Head of GReAT APAC, Kaspersky Lab. “Since then, they have been spotted several times targeting cryptocurrency exchanges alongside regular financial organizations.”

“The fact that they developed malware to infect macOS users in addition to Windows users and — most likely — even created an entirely fake software company and software product in order to be able to deliver this malware undetected by security solutions, means that they see potentially big profits in the whole operation, and we should definitely expect more such cases in the near future,” Kamluk added.


Alphabet’s Waymo autonomous driving unit can be on a $1 billion revenue run rate before 2020 and hit $10 billion a bit after 2025, according to an Evercore ISI analysis.

Then after that initial surge the big bets on Waymo will be off, according to Evercore ISI analyst Anthony DiClemente.

What’s interesting about DiClemente’s analysis is the assumption that Waymo will become an Uber and Lyft killer instead of grabbing some technology portion of the $5 trillion auto transportation market. If anything, Waymo as a taxi service may wind up funding more technology advances.

DiClemente said in a research note:

Backed by the financial and technical support of its parent company Alphabet, we believe Waymo enjoys strategic advantages likely to prove critical in the scaled operation of autonomous ride services, including: 1) AI/computer vision; 2) hyper-scale cloud compute infrastructure; and 3) ubiquitous distribution of mapping services. With commercial service set to launch in Phoenix by year-end, and ~80k vehicles on order from OEMs, we contend that the Waymo narrative should soon shift from long-term opportunity to near-term execution.

What will Waymo do? Simply put, DiClemente argued that Waymo will undercut Uber and Lyft by about 25 percent. Waymo can be aggressive on pricing and grab share because it doesn’t have to pay human drivers. Waymo will have about 56,000 vehicles in service in 2020, according to DiClemente.

Waymo also has a city-by-city roadmap with service starting in Phoenix later this year. In addition, Waymo’s autonomous miles traveled is growing 15 percent a month. That experience makes the overall Waymo fleet smarter. The DiClemente analysis assumes major cities in California, Florida and Texas allow for Waymo operation.

Here’s a look at the Waymo potential economics:

DiClemente makes a compelling case for Waymo through the mid-2020s, but the analyst also noted that there are long-term wild cards. Cities and urban planning will become clearer, and regulations can emerge. Another wild card is that the automakers behind Waymo will likely catch up. The other possibility is that Waymo ultimately licenses its technology as an ingredient brand. Such a move would mean fatter margins and would require less upfront capital spending.

Qantas has revealed that more than half of its Boeing 737 domestic fleet has now been equipped with in-flight Wi-Fi, while the rollout of the service across its Airbus A330 aircraft is now under way, with its entertainment Net Promoter Score increasing during FY18 due to the offering.

“These numbers show a company that’s delivering across the board,” Qantas CEO Alan Joyce said during the company’s full-year financial results report on Thursday.

“Our investment in free Wi-Fi and cabin improvements are delivering a better experience for customers as well as higher earnings for Qantas and Jetstar.”

According to the Australian airline, its total unit cost increased by 2.7 percent during the year due to the addition of in-flight Wi-Fi as well as higher fuel prices. Net capex of AU$1.97 billion also included the installation of Wi-Fi on domestic aircraft, alongside the purchase of 787-9 Dreamliners and lounge upgrades.

Overall, Qantas reported statutory net profit of AU$980 million, up from AU$853 million a year earlier, on revenue of AU$17.1 billion, up 6.2 percent from AU$16.1 billion last year.

Passenger revenue was AU$14.7 billion and freight revenue AU$862 million, with Qantas Domestic bringing in AU$5.97 billion, up from AU$5.6 billion; Qantas International AU$6.89 billion, up from AU$6.4 billion; Qantas Loyalty AU$1.55 billion, up from AU$1.5 billion; and Jetstar Group AU$3.8 billion, up from AU$3.6 billion.

Qantas had last month revealed that some of its international passengers would be trialling biometric technology at Sydney Airport, with the first phase using facial recognition for automated flight check-in and bag drop, lounge access, and plane boarding.

The next stages will include mobile check-in and automated border processing via facial recognition.

“There is an increasing need for airlines and airports to offer faster and more convenient airport experiences and we’re excited to see what results the trial produces,” Qantas chief customer officer Vanessa Hudson said.

Sydney Airport said consent is actively sought from all passengers and the “strictest level of privacy” is adhered to on behalf of those participating in the trial.

Qantas labelled cybersecurity and data governance as one of its biggest risks in the full-year financial results report, as the threats are “continuously evolving”.

“Qantas remains focused on further strengthening its governance, processes, and technology controls to continue to protect the integrity and privacy of data and maintain compliance with regulatory requirements,” the airline said.

“The Qantas group’s ongoing investment in cyber transformation initiatives, together with its extensive control and risk framework, operate to reduce the likelihood of cybersecurity and data privacy incidents, assisting with the early detection and mitigation of impact. Given the nature of this risk, the appropriateness of the controls is continuously reviewed by the group Cyber and Privacy Committee and is subject to independent assurance on a periodic basis.”

Qantas had in February revealed that it was rolling out Wi-Fi to its domestic fleet at a rate of around one aircraft per week, with the majority to be complete by the end of 2018.

At the time, Qantas said it had 22 Boeing 737 planes kitted out with the connectivity technology, or more than 30 percent of its 737-800 fleet, with Joyce partially attributing the “record” Qantas Domestic first-half financial results to the in-flight Wi-Fi program.

Qantas announced a six-month statutory profit after tax of AU$607 million, up 17.9 percent year on year, on revenue of AU$8.66 billion, up 5.8 percent.

Qantas announced an acceleration of its in-flight Wi-Fi rollout across its domestic Airbus 330 and Boeing 737 aircraft last August, following the completion of its trial along with regulatory approval for the service, further revealing that it is “waiting for an improved technology that will allow fast Wi-Fi for our international routes”.

The airline commercially launched its free in-flight Wi-Fi in beta mode on-board its Boeing 737 VH-XZB aircraft that travels between Melbourne, Sydney, and Brisbane in April 2017, with a series of live tests during its first flight seeing speeds between 2.57Mbps and 7.24Mbps download and 0.26Mbps and 0.61Mbps upload.

During initial testing in February, Qantas had connected 140 passengers with an average of 1.6 devices each to the Wi-Fi system at download speeds of between 7Mbps and 12Mbps.

Originally, Qantas was aiming to enable access speeds of up to 20Mbps per passenger, with satellite communications service provider ViaSat looking to provide a service-level guarantee to Qantas of 12Mbps at all times throughout the flight once the service leaves beta mode.

A satellite antenna will be mounted on top of each aircraft by Qantas engineers, along with several wireless access points, resulting in similar signal strength for all passengers no matter where they are seated on the plane.

Qantas last year also developed an app with GE to cut carbon emissions and announced kitting out a second domestic 737 aircraft with new Wi-Fi technology from ViaSat ahead of eight more gaining the equipment by the end of September 2017. ViaSat’s new equipment is tipped to provide faster speeds and more reliable connections.

Around 80 Boeing 737 and Airbus 330 aircraft are expected to be fitted out with the service by late 2018. Once the rollout is complete, around 15 million customers per year will experience the free on-board Wi-Fi.

Companies are increasingly dependent on mobile platforms to power their business operations and to enable a productive workforce — and that means hiring top-notch developers to build the apps they need.